Tech Tip: Using Chained SSL Certificates in 4th Dimension
PRODUCT: 4D | VERSION: 2004 | PLATFORM: Mac & Win
Published On: November 23, 2004

Recently, Verisign and Thawte have been issuing chain certificates when SSL certificates are renewed. A chain certificate is a certificate that refers to another certificate in a hierarchy. Both certificates must be valid and must match for a web browser to establish an SSL session with the 4D web server correctly and without error messages.

A good discussion of chain certificates and certificate hierarchy can be found here (search for the word "Chain").

When you receive a normal SSL certificate, you rename it CERT.PEM, and place it in the same directory as the 4D structure file. When you receive a chain certificate, you receive two files - a CERT.PEM file and a file named INTERMEDIATE.CRT. What should be done with this extra file to create a chain certificate that will be recognized by 4D?

Luckily, 4D's web server can handle chained certificates. It's an undocumented feature, but it's easy to do. Simply append the contents of INTERMEDIATE.CRT to the end of CERT.PEM, and then make sure each line of the new CERT.PEM file ends with just a linefeed, instead of a carriage return or a carriage return-linefeed combination.

Perform the following steps using an advanced text editor such as BBEdit (Mac) or UltraEdit (Windows):

1. Open INTERMEDIATE.CRT and copy the entire certificate to the clipboard.
2. Open CERT.PEM, and paste the clipboard contents at the end of the certificate, ensuring that the pasted contents begin on the next line of the file. Your certificate will look like this:

-----BEGIN CERTIFICATE-----
… original cert.pem contents …
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
… intermediate.crt contents …
-----END CERTIFICATE-----

3. Using your advanced text editor, make sure each line ends with just a linefeed character (ASCII 10), and not a carriage return (ASCII 13) or a carriage return/linefeed pair. Do a global search and replace, first replacing carriage return-linefeed with linefeed, and then (if you are using a Macintosh) replacing carriage return with linefeed. You probably do not need to do the second search and replace if you are using a Windows system, since most Windows text editors will never end a line with just a carriage return.
4. Save the file as CERT.PEM, and place it in the same directory as your structure file.
5. Test the certificate with the 4D web server.
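
Steps 1 to 4 can also be scripted instead of done by hand in a text editor. The following Python sketch is an added example, not part of the original tech tip or of 4D's own tooling; the function names are hypothetical and the sample certificate bodies are constructed placeholders, not real certificates.

```python
import re
from pathlib import Path

# One PEM certificate block whose lines end in LF only.
PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----\n[A-Za-z0-9+/=\n]+?\n-----END CERTIFICATE-----"
)

# Constructed sample inputs (not real certificates): CRLF and CR-only endings.
SAMPLE_CERT = b"-----BEGIN CERTIFICATE-----\r\nTEVBRg==\r\n-----END CERTIFICATE-----\r\n"
SAMPLE_INTERMEDIATE = b"-----BEGIN CERTIFICATE-----\rSU5U\r-----END CERTIFICATE-----\r"


def to_lf(data: bytes) -> bytes:
    """Replace CRLF first, then any lone CR, so every line ends in LF (ASCII 10)."""
    return data.replace(b"\r\n", b"\n").replace(b"\r", b"\n")


def build_chain(cert: bytes, intermediate: bytes) -> bytes:
    """Return the CERT.PEM block followed by the INTERMEDIATE.CRT block, LF-only."""
    blocks = []
    for name, data in (("CERT.PEM", cert), ("INTERMEDIATE.CRT", intermediate)):
        found = PEM_BLOCK.findall(to_lf(data))
        # Exactly one block per input: catches an empty or truncated file and a
        # CERT.PEM that already had the intermediate appended by an earlier run.
        if len(found) != 1:
            raise ValueError(f"{name}: expected 1 certificate block, found {len(found)}")
        blocks.extend(found)
    # Each block starts on its own line and the file ends with a single LF.
    return b"\n".join(blocks) + b"\n"


def write_chain(cert_path, intermediate_path, out_path) -> bytes:
    """Binary I/O throughout: text mode on Windows would turn LF back into CRLF."""
    chain = build_chain(Path(cert_path).read_bytes(), Path(intermediate_path).read_bytes())
    Path(out_path).write_bytes(chain)
    return chain


if __name__ == "__main__":
    print(build_chain(SAMPLE_CERT, SAMPLE_INTERMEDIATE).decode("ascii"))
```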